Menu
▾
▴
Re: [Opensc-devel] Understanding of ssh pkcs key provider
|
From: Douglas E E. <dee...@gm...> - 2016-05-20 12:09:25
|
On 5/19/2016 7:18 PM, Gyurgyik, Matthew S. wrote: > Hello. > > First, let me say I’m new to smart cards and I haven’t been able to find much documentation on how they work. I’m looking for some education, if there is a better place to post this question, please let me know. > > I can add keys provided by my smart card to ssh-agent with > > $ ssh-add -s /Library/OpenSC/lib/opensc-pkcs11.so > > However, if I remove the card from the reader and then reinsert it I have to re-add the keys > > $ ssh-add -e /Library/OpenSC/lib/opensc-pkcs11.so > $ ssh-add -s /Library/OpenSC/lib/opensc-pkcs11.so > > This happens on both OS X and RHEL7. I am assuming this expected behavior. Can someone explain (or point me to documentation) why it is necessary to remove the keys and re-add them? > You could ask on the OpenSSH list. I would suspect that the code is simple and only looks for a card when ssh-add is first called and the code does not know how to look for a reinsertion of the card. To see what it is doing, you could use the OpenSC SPY trace. See ssh-add example in: https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC > Thank you, > Matthew Gyurgyik > > ------------------------------------------------------------------------------ > Mobile security can be enabling, not merely restricting. Employees who > bring their own devices (BYOD) to work are irked by the imposition of MDM > restrictions. Mobile Device Manager Plus allows you to control only the > apps on BYO-devices by containerizing them, leaving personal data untouched! > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > -- Douglas E. Engert <DEE...@gm...> |
